
SQL statement not executing.

 
Ravi Harishchandra
Greenhorn
Posts: 17
Hi... the mentioned SQL statement is just not executing. The code is as below:
The error I'm getting is : java.sql.SQLException: Invalid SQL type: sqlKind = UNINITIALIZED
CODE::
Statement st1 = con.createStatement();
st1.executeUpdate("insert into customer values('"+ id1 +"','"+ name +"','"+ addr +"','"+ cont +"','"+ email+"','" + city +"','" + state + "','" + from +"','" + to + "','"+ room +"','" + adv +"','" + room_no +"','"+ differenceInDays +"')"); // the first statement works absolutely fine, inserting all the values in database.
st1.executeUpdate("update" + room + "set FLAG=1 where RNO = " + room_no +"");// this statement here is not executing, values room and room_no are inserted in database in the above SQL query
con.close();
res.close();

 
Rob Spoor
Sheriff
Posts: 20388
Don't you mean update customer set FLAG=1 where RNO = " + room_no? Because room is a value, not the name of a table.

You should also definitely start using PreparedStatement. Right now that code is highly susceptible to SQL injection.
 
Paul Clapham
Sheriff
Posts: 20196
It's also susceptible to failing if you get the tiniest thing wrong in that horrible mess of single and double quotes. And it's easy to get that wrong. PreparedStatement makes parametrized queries infinitely easier; you should definitely be using it.
 
aadhira sharma
Greenhorn
Posts: 4
Thanks for this link.
 
chris webster
Bartender
Posts: 2366
  • Try printing your SQL statements out so you can see what your DB is trying to execute. I think your SQL UPDATE needs a space after the "update", for example.
  • But as the others have said, using concatenated SQL strings like this is the wrong approach anyway.
  • Write and test your SQL separately (outside Java) using your database's SQL shell, so you can be sure you've got your SQL right before you start messing around in Java.
  • Then use a PreparedStatement with bind variables in Java for your SQL because it's easier to write/read/maintain, more secure (helps prevent SQL injection) and more efficient (allows your database to re-use the parsed SQL).
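
What the replies recommend, as an added example (not code from any poster in this thread): both statements rewritten with PreparedStatement bind variables. It assumes `room` really is a table name, that RNO is numeric, and that the caller supplies an open Connection; the class and method names and the table names in ROOM_TABLES are hypothetical. A table name cannot be bound with `?`, so it is checked against a fixed allowlist instead.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Set;

public class BookingDao {
    // Hypothetical room tables. An identifier cannot be a bind variable,
    // so it is validated against this allowlist before it reaches the SQL text.
    private static final Set<String> ROOM_TABLES = Set.of("SINGLE", "DOUBLE", "DELUXE");

    static String flagRoomSql(String roomTable) {
        if (!ROOM_TABLES.contains(roomTable)) {
            throw new IllegalArgumentException("unknown room table: " + roomTable);
        }
        // Spaces around the table name, which the original UPDATE was missing.
        return "update " + roomTable + " set FLAG = 1 where RNO = ?";
    }

    // Inserts the customer row and flags the room in a single transaction.
    static void book(Connection con, String[] customer, String roomTable, int roomNo)
            throws SQLException {
        if (customer.length != 13) throw new IllegalArgumentException("expected 13 values");
        String insert = "insert into customer values (?,?,?,?,?,?,?,?,?,?,?,?,?)";
        String update = flagRoomSql(roomTable); // validate before touching the database
        boolean oldAutoCommit = con.getAutoCommit();
        con.setAutoCommit(false);
        try (PreparedStatement ins = con.prepareStatement(insert);
             PreparedStatement upd = con.prepareStatement(update)) {
            for (int i = 0; i < customer.length; i++) {
                ins.setString(i + 1, customer[i]); // JDBC parameters are 1-based
            }
            ins.executeUpdate();
            upd.setInt(1, roomNo);
            if (upd.executeUpdate() != 1) {
                throw new SQLException("no room " + roomNo + " in " + roomTable);
            }
            con.commit();
        } catch (SQLException | RuntimeException e) {
            con.rollback(); // leave no half-finished booking behind
            throw e;
        } finally {
            con.setAutoCommit(oldAutoCommit);
        }
    }
}
```

The thirteen placeholders match the thirteen values in the original INSERT, all of which the poster passed as quoted strings; with bind variables a quote character inside a name or address is stored as data rather than parsed as SQL.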
